I need the flink cluster on my local to connect to a kafka topic running on a managed environment.
Firstly, the cluster on my local is NOT just any cluster. It is a cluster associated with my application. And my application has some level of recognition within the company.
The application needs to have an identity. It needs to be trustable so that it can be allowed to work with the topic.
To do that, the application gets a new SSL certificate with it’s name and short name etc. This certificate needs to be trusted by the managed kafka runtime.
To establish this trust, I raise a request to the caretakers of the environment, giving the details of my application’s certificate. And they approve my application. Now, my application is allowed to work with the particular topic.
So I specify the path of the key store file (.JKS) and the trust store file in my application so that SSL communication can be done to establish trust with the topic running on the managed environment at the time of running the application.
At high level, bird’s eye view level, I told the environment who I am and got the permissions, and then at run-time I establish the communication by again passing in the necessary application SSL related info.
Details would be the SSL negotiation details which has mostly been abstracted away from the developers. Developers just need to know where to specify the SSL related files so that the underlying application framework/ web server would take care of the details.
